Access cpanel user by a token sended to authorised email
When a server have brute force attacks I think this can help
Step 1: the Administrator set for domain the emails that can receive cpanel access url
Step 2: when the cpanel user go to cpanel login page, the page request him the email. If the email is in list of domains that can access to cpanel, the system create a access token valid for the ip that request the access and send it to the email. obviuosly the access token can have an expiration time and other features. But the basic is only emails with previous authrization of administrator can receive those tokens and the access is valid only for this ip.
step 3: the email receive the auth token in url format and can go to login page to login to cpanel and type his user and pass.
I think this can be a good option in case the server have cpanel access brute force attack
Sorry my english.